Automatically turn firewall on and off ?

[Matthew H]

Hi there,

I was wondering is there a way I can have users PCs turn the firewall on or
off depending if they are in the office or not?
We have Windows XP laptops in a Windows domain and we want the firewall off
when in the office and off when they are anywhere outside the domain/office.

Is this possible with the build in Win XP firewall or will I need a third
party product?

 

[Tom Willett]

Open up the Windows firewall and turn it on an off as you wish.
: Hi there,
:
: I was wondering is there a way I can have users PCs turn the firewall on
or
: off depending if they are in the office or not?
: We have Windows XP laptops in a Windows domain and we want the firewall
off
: when in the office and off when they are anywhere outside the
domain/office.
:
: Is this possible with the build in Win XP firewall or will I need a third
: party product?

 

[Old Rookie]

Configure Group Policy to do that. You can create different settings for the
domain and standard profile. The standard profile works on a network where a
domain controller is not detected. Make sure that the laptops in question
are within the scope of influence of the Group Policy. You can run rsop.msc
on a domain computer to see what Group Policy settings are actually being
applied to it.

The settings in question are under computer configuration\administrative
templates\network\network connections\Windows Firewall.

It is also best practice to NOT modify default GPOs but instead create one
for this puprpose or edit a custom one already created for those computers.
By not modifying default GPOs it is much easier to put everything back to
default settings by simply disabling or unlinking a custom GPO.

Steve

 

[David B.]

That doesn't seem too automatic to me.

 

[Raymond Babbitt]

That doesn't seem too automatic to me.

Maybe that was the point, Einstein.

 

[David B.]

Maybe, but not a solution, you can't rely on the average user to be
concerned with their PC's security or remember to enabled firewalls when
required, and by the way moron, my name ain't Einstein.

 

[Tom Willett]

The word "automatic" didn't appear in the OPs post.

: That doesn't seem too automatic to me.
:
: --
:
:
: ------
: : > Open up the Windows firewall and turn it on an off as you wish.
: > : > : Hi there,
: > :
: > : I was wondering is there a way I can have users PCs turn the firewall
on
: > or
: > : off depending if they are in the office or not?
: > : We have Windows XP laptops in a Windows domain and we want the
firewall
: > off
: > : when in the office and off when they are anywhere outside the
: > domain/office.
: > :
: > : Is this possible with the build in Win XP firewall or will I need a
: > third
: > : party product?
: >
: >
:

 

[Brad Dinerman [MVP - Enterprise Security]]

Matthew,

Assuming that your domain is running Windows 2003 or Windows 2008
Server, then you can use Group Policy to accomplish this result.
Further assuming that you have familiarity with Group Policy, you will
want to setup the policy for the Domain Profile and the Standard Profile
(the latter being the off-network settings).

Of course, my personal opinion is that you should have the Windows
firewall enabled whether or not you're on the network. Having a
perimeter firewall (Cisco, SonicWall, etc) at your company does not
negate the necessity for a host-based firewall as well. But perhaps
there is some business reason for your decision of which I'm not aware.

In either case, here is a small article on domain vs. standard profiles
for the firewall:
http://technet.microsoft.com/en-us/library/cc739685(WS.10).aspx

and another small one on configuring firewalls using Group Policy:
http://technet.microsoft.com/en-us/library/cc785865(WS.10).aspx

Good luck...

-Brad




_______________________________________________
Bradley J. Dinerman, MVP - Enterprise Security
President, National Information Security Group
http://www.naisg.org

Brad's TechTips: http://www.fieldbrook.net/techtips/

 

[David B.]

It appeared in the subject line, is that not good enough for you?